The NoSQL movement continues to grow to meet the Big Data storage needs of companies such as Amazon.com, Facebook, and Google. What are the unique security issues associated with these non-relational, structured storage DBMSs? Using our online Library system, summarize the finding of a reputable article’s information regarding the unique security issues with NoSQL databases.
# Security issues with NoSQL databases:
@ The administrative user / authentication is not enabled by default; unlike in a relational database management system, this is a major drawback:
In NoSQL, data files are never encrypted by default. If encryption is required for the data files, the application layer needs to encrypt the data before sending it to the database server.
@ In NoSQL databases, the client communicates with the server via plaintext (MongoDB).
By default, it does not support SSL client-node communication, which leads to security breaches in the network.
@ NoSQL databases have very weak password storage:
When sensitive data is being stored in NoSQL databases, security issues become a major concern: passwords are transmitted as plain text, even if it is kept as , NoSQL lacks encryption support for the data files.
@ In NoSQL databases we cannot use external encryption tools like LDAP, Kerberos, etc.:
NoSQL databases are based on distributed computing; also, they cannot use external encryption tools like LDAP, etc.
@ NoSQL lacks encryption support for the data files:
NoSQL databases are very weak; authentication and encryption in NoSQL are almost nonexistent or are very weak when implemented.
@ NoSQL has weak authentication between both the client and the servers:
Servers and clients are connected by a very weak plain-text standard and use secure protocol(s) to create tunnels between servers and clients for communication.
@ In NoSQL databases there is a vulnerability to SQL injection:
NoSQL databases, for example "MongoDB", don't use SQL for queries, but they still do queries which are based upon user input. This means that they are still very much vulnerable to injection attacks if the developer does not properly perform input sanitization.
@ Denial of service attacks are possible in NoSQL databases:
The new query could trigger a Denial of Service (DoS) attack and cause a NoSQL database instance like "MongoDB" to execute at 100% CPU usage for 10 seconds, which is very harmful.
@ In NoSQL, the available encryption solution isn't production ready:
In NoSQL, passwords in databases are encrypted by using the MD5 or PBKDF2 algorithms, which isn't secure enough.
@ In NoSQL, encryption isn't available for client communication:
Encryption is not available for client communication. Still, with all these security problems, it is best to consider that NoSQL databases are still new in the market.
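The input-sanitization point in the injection item above, as an added example that is not part of the original answer: a check that user input reaching a MongoDB-style filter is a plain string and carries no operator-style keys. The function names and the sample request bodies are hypothetical and constructed for illustration; no database driver is used.

```javascript
// Added example: validate user input before it becomes a MongoDB-style filter.
// hasOperatorKey, buildUserFilter and classify are hypothetical helper names.

// True if any key, at any depth, starts with "$" or contains "."
// (the characters MongoDB uses for operators and nested-field paths).
function hasOperatorKey(value) {
  if (value === null || typeof value !== "object") return false;
  for (const key of Object.keys(value)) {
    if (key.startsWith("$") || key.includes(".")) return true;
    if (hasOperatorKey(value[key])) return true;
  }
  return false;
}

// Builds the filter for a lookup by username. Anything other than a
// bounded, non-empty string is rejected instead of being passed through.
function buildUserFilter(body) {
  if (hasOperatorKey(body)) throw new TypeError("operator-style key in input");
  const username = body && body.username;
  if (typeof username !== "string" || username.length === 0 || username.length > 64) {
    throw new TypeError("username must be a string of 1 to 64 characters");
  }
  // Explicit $eq keeps the value in data position, never operator position.
  return { username: { $eq: username } };
}

// Parse a raw JSON request body and report whether it is accepted.
function classify(rawJson) {
  try {
    return { ok: true, filter: buildUserFilter(JSON.parse(rawJson)) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed request bodies: one well-formed, three that must be rejected.
const SAMPLE_BODIES = [
  '{"username":"alice"}',
  '{"username":{"$ne":null}}',
  '{"username":["alice"]}',
  '{"username":""}',
];

for (const raw of SAMPLE_BODIES) {
  console.log(raw, "->", JSON.stringify(classify(raw)));
}
```
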